Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.

Slides:



Advertisements
Similar presentations
Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.
Advertisements

FULLY HOMOMORPHIC ENCRYPTION
Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.
Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption
Allison Lewko TexPoint fonts used in EMF.
Functional Encryption & Property Preserving Encryption
Ran Canetti, Yael Tauman Kalai, Mayank Varia, Daniel Wichs.
Secure Evaluation of Multivariate Polynomials
Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.
Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.
See you at the next conference! Hope you like our slides Hello everybody!
Encryption Public-Key, Identity-Based, Attribute-Based.
Dual System Encryption: Concept, History and Recent works Jongkil Kim.
Garbled RAM, Revisited Daniel Wichs (Northeastern University) Joint work with: Craig Gentry, Shai Halevi, Seteve Lu, Rafail Ostrovsky, Mariana Raykova.
On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),
S EMANTICALLY - SECURE FUNCTIONAL ENCRYPTION : P OSSIBILITY RESULTS, IMPOSSIBILITY RESULTS AND THE QUEST FOR A GENERAL DEFINITION Adam O’Neill, Georgetown.
Dennis Hofheinz, Jessica Koch, Christoph Striecks
1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
Oblivious Transfer based on the McEliece Assumptions
Identity Based Encryption
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.
Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group
Broadcast Encryption with Multiple Trust Authorities Alexander W. Dent Information Security Group Royal Holloway, University of London.
1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.
Anonymity and Robustness in Encryption Schemes Payman Mohassel University of Calgary.
On Everlasting Security in the Hybrid Bounded Storage Model Danny Harnik Moni Naor.
A Brief History of Provable Security and PKE Alex Dent Information Security Group Royal Holloway, University of London.
Cramer-Shoup is Plaintext Aware in the Standard Model Alexander W. Dent Information Security Group Royal Holloway, University of London.
1 Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys Dan Boneh, Craig Gentry, and Brent Waters.
Realizing Hash and Sign Signatures under Standard Assumptions Realizing Hash and Sign Signatures under Standard Assumptions Susan Hohenberger Johns Hopkins.
Functional Encryption: An Introduction and Survey Brent Waters.
ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption Danfeng Yao Nelly Fazio Brown University New.
1 Hierarchical Identity-Based Encryption with Constant Size Ciphertext Dan Boneh, Xavier Boyen and Eu-Jin Goh Eurocrypt 2005 投影片製作:張淑慧.
Functional Encryption: Beyond Public Key Cryptography
Oblivious Signature-Based Envelope Ninghui Li, Stanford University Wenliang (Kevin) Du, Syracuse University Dan Boneh, Stanford University.
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
The Generic Transformation from Standard Signatures to Identity-Based Aggregate Signatures Bei Liang, Hongda Li, Jinyong Chang.
1 Attribute-Based Encryption Brent Waters SRI International.
1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.
Attribute-Based Encryption with Non-Monotonic Access Structures
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-
1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai.
Definition and applications Lossy Trapdoor Functions 2.
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Key-Policy Attribute-Based Encryption Present by Xiaokui.
1 Lossy Trapdoor Functions and Their Applications Brent Waters SRI International Chris Peikert SRI International.
Secure Computation Lecture Arpita Patra. Recap >> Improving the complexity of GMW > Step I: Offline: O(n 2 c AND ) OTs; Online: i.t., no crypto.
Witness Encryption and Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption Craig Gentry IBM Allison Lewko Columbia Amit.
Attribute-Based Encryption
Public Key Encryption with Keyword Search
David Cash (UCSD) Dennis Hofheinz (KIT) Eike Kiltz (CWI) Chris Peikert (GA)
Based on work with: Sergey Gorbunov and Vinod Vaikuntanathan Homomorphic Commitments & Signatures Daniel Wichs Northeastern University.
1 Efficient Selective-ID IBE Without Random Oracle Dan Boneh Stanford University Xavier Boyen Voltage Security.
1/28 Chosen-Ciphertext Security from Identity- Based Encryption Jonathan Katz U. Maryland Ran Canetti, Shai Halevi IBM.
1 Lossy Trapdoor Functions and Their Applications Brent Waters SRI International Chris Peikert SRI International.
1 Compact Group Signatures Without Random Oracles Xavier Boyen and Brent Waters.
Constructing Verifiable Random Functions for Large Input Spaces Brent Waters Susan Hohenberger.
Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi.
Boneh-Franklin Identity Based Encryption Scheme
Risky Traitor Tracing and New Differential Privacy Negative Results
ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption Danfeng Yao Nelly Fazio Brown University New.
Fuzzy Identity Based Encryption
Functional Encryption: An Introduction and Survey
Lossy Trapdoor Functions and Their Applications
The power of Pairings towards standard model security
Identity Based Encryption from the Diffie-Hellman Assumption
Presentation transcript:

Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters

2 Identity-Based Encryption [S84,BF01,C01] Public ParamsMSK ID’ ID Authority Decrypt iff ID’ = ID

IBE Security [BF01] Challenger M 0, M 1, ID *  ID i (challenge ID) Attacker Public Params ID 1 … ID Q bEnc(M b, PP, ID * ) b’ Adv = Pr[b’=b] -1/2

IBE Security Proofs  “Partitioning” [BF01, C01, CHK03, BB04, W05] Simulator Challenge Space ID Space Priv. Key Space  2 Goals:  Answer Attacker Queries  Use Attacker Response Attacker

Partitioning and Aborts Simulator ID Space Priv. Key Space Challenge Space ID 1 ID 2 … … ID Q ID * (challenge ID)  Attacker Abort and try again

Finding a Balance Simulator Challenge Space ID Space Priv. Key Space  Aborts effect security loss  Challenge Space -> “right size”  C.S. = 1/Q (for Q queries ) => 1/Q no abort

Structure gives problems!  Hierarchical IBE  Q queries per HIBE level => (1/Q) depth loss  Attribute-Based Encryption similar :edu :gov Partitioning won’t work!

The Gentry Approach [G06,GH09]  Ready for both  Shove degree Q poly into Short params => Complex Assumption

Our Results  IBE (w/ short parameters)  HIBE  Broadcast Encryption  Full Security  Simple Assumption: Decision Linear Given: g, u, v, g a, u b, Dist: v a+b from R

Dual System Encryption  2 types of Keys & CTs ID Normal ID Semi-Functional ID Normal Semi-Functional Used in real system ID  Types are indist. (with a caveat)

Principles Simulator  No aborts  Change things slowly  Hybrid over keys form  Goal: Everything Semi Functional I’m ready for anything!

Proof Overview – 3 Steps Simulator 1)Challenge CT  Semi Func. 2)Keys  Semi. Func. (one at a time!!) 3)Argue Security ID 1 ID 2 … ID Q ID * ID 1 ID 2 ID Q ID

Problem: Simulator can test keys! Simulator  Create S.F. CT for “Bob” and unknown key for “Bob”  Decryption works iff key is normal “Bob” ?

Resolution: Tweak Semantics  Add “tags” t c, t k to C.T. and Key  Decrypt iff ID c = ID k AND t c  t k  Negl. correctness error (can patch)  SW08 revocation ID c, t c ID K, t K

Problem: Simulator can test keys! Simulator  Sim. Picks A, B 2 Z p : F(ID) = A ¢ ID + B  Challenge CT and unknown key tags  F(ID) “Bob”, t k =x ? “Bob”, t c =x  Dec. Fails regardless of Semi Functionality!  2 different IDs look independent  Hybrid  simple assumption

How it is built  Subgroup version N= p 1 p 2 p 3 ID Normal ID Normal S.F. ID S.F. p2p2 p1p1 p3p3

Glimpse of Subgroup Construction Setup:  Similarities to Boneh-Boyen04  D. Linear same concepts, more messy KeyGen(ID): Encrypt(ID,M):

Conclusions and Speculation  Dual Encryption: Change Forms First!  One by one  Small Assumptions  HIBE, B.E. became easier  Prediction: ABE + Functional Enc.  Need new techniques  Prediction: Simple Assumptions & Full Security

Dual Interpretation Selective Security + Assumptions were bad  Not ultimately necessary Interpretation 1: They lead us in the right directions  Full secure schemes “look like” selective  Gentry06 beyond partitioning Alternative:

20 Thank you

The Gentry Approach [G06,GH09]  Ready for both  Simulator 1-key per identity – always looks good  Shove degree Q poly into Short params => Complex Assumption

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.